Kernel Hardening

Android 8.0 added kernel hardening features to help mitigate kernel
vulnerabilities and find bugs in kernel drivers. The features are in kernel/common in
branches android-3.18, android-4.4, and android-4.9.

Implementation

To acquire these features, device manufacturers and SoC vendors should merge all
hardening patches from kernel/common into their kernel tree and
enable the following kernel configuration options:

Hardened usercopy: CONFIG_HARDENED_USERCOPY=y

PAN emulation - arm64: CONFIG_ARM64_SW_TTBR0_PAN=y

PAN emulation - arm: CONFIG_CPU_SW_DOMAIN_PAN=y

KASLR - 4.4 and later kernels: CONFIG_RANDOMIZE_BASE=y

KASLR also requires bootloader support for passing hardware entropy to the
kernel, either through the device tree node /chosen/kaslr-seed or by
implementing EFI_RNG_PROTOCOL. Without a seed the kernel still boots, but its
base address is not randomized, so enabling the option alone does not provide
KASLR. On a built device the effective options can be confirmed from
/proc/config.gz when CONFIG_IKCONFIG_PROC is enabled.

Common issues

These changes are likely to expose bugs in kernel drivers, which need to be
fixed either by the device manufacturer or the owner of the kernel driver.

Hardened usercopy exposes incorrect bounds checking when copying data
to/from user space, typically a copy whose length is taken from a user-supplied
request without comparing it to the size of the kernel object it targets. These
should be fixed like any other memory corruption bugs: validate the length
against the destination or source object before the copy.

PAN emulation makes direct user space access from the kernel fault, which
exposes drivers that dereference user pointers directly (for example, casting an
ioctl argument to a kernel pointer and reading through it). Drivers accessing
user space memory need to be changed to use the standard
copy_to_user()/copy_from_user() functions (or get_user()/put_user() for single
values) instead.
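The following is an added example, not code from kernel/common or from any Android driver, modelling the hardened usercopy issue described above in userspace C so it can be compiled and run outside a kernel. The usercopy_range_ok() function implements the check CONFIG_HARDENED_USERCOPY performs before a copy (the kernel-side range must lie inside the object that owns it, with pointer-wrap guarded); in the real kernel the object bounds come from the slab allocator or stack frame, whereas here the caller passes them in. struct foo_req, struct foo_dev and the foo_fill_*() handlers are hypothetical driver code: the unchecked version trusts a user-controlled length, the checked version applies the bounds check the page asks driver owners to add.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the check CONFIG_HARDENED_USERCOPY performs before a usercopy:
 * the kernel-side range [ptr, ptr + n) must lie within the object that
 * owns ptr. In the kernel the object bounds come from the slab allocator
 * or the current stack frame; this userspace model takes them as
 * arguments (assumption for illustration, not the kernel API). */
static int usercopy_range_ok(const void *obj, size_t obj_size,
                             const void *ptr, size_t n)
{
    uintptr_t o = (uintptr_t)obj, p = (uintptr_t)ptr;

    if (n > UINTPTR_MAX - p)            /* ptr + n would wrap around */
        return 0;
    if (p < o || p + n > o + obj_size)  /* starts before or runs past obj */
        return 0;
    return 1;
}

/* Hypothetical ioctl request, already copied into the kernel. */
struct foo_req {
    uint32_t len;        /* user-controlled copy length */
    uint8_t  data[256];  /* user-controlled payload */
};

/* Hypothetical per-device kernel object with a fixed-size buffer. */
struct foo_dev {
    uint8_t  buf[64];
    uint32_t used;
};

/* Before the fix: the copy length comes straight from the request and is
 * never compared with sizeof(dev->buf). Hardened usercopy detects that the
 * destination range overruns buf and refuses the copy; without it this is
 * a plain kernel buffer overflow. The model returns -EFAULT where the
 * kernel would report a usercopy violation. */
static int foo_fill_unchecked(struct foo_dev *dev, const struct foo_req *req)
{
    if (!usercopy_range_ok(dev->buf, sizeof dev->buf, dev->buf, req->len))
        return -EFAULT;
    memcpy(dev->buf, req->data, req->len);
    dev->used = req->len;
    return 0;
}

/* After the fix: reject lengths the buffer cannot hold before copying, the
 * change the page asks driver owners to make. The usercopy check is kept
 * as defence in depth but never fires on this path. */
static int foo_fill_checked(struct foo_dev *dev, const struct foo_req *req)
{
    if (req->len > sizeof dev->buf)
        return -EINVAL;
    if (!usercopy_range_ok(dev->buf, sizeof dev->buf, dev->buf, req->len))
        return -EFAULT;
    memcpy(dev->buf, req->data, req->len);
    dev->used = req->len;
    return 0;
}

int main(void)
{
    struct foo_dev dev;
    struct foo_req req;             /* constructed sample request */

    memset(&dev, 0, sizeof dev);
    memset(&req, 'A', sizeof req);
    req.len = 200;                  /* larger than the 64-byte buffer */

    printf("unchecked, len=200: %d\n", foo_fill_unchecked(&dev, &req));
    printf("checked,   len=200: %d\n", foo_fill_checked(&dev, &req));
    req.len = 64;
    printf("checked,   len=64:  %d\n", foo_fill_checked(&dev, &req));
    return 0;
}
```

A driver in a real kernel sees this as a BUG or a "usercopy: kernel memory overwrite attempt detected" report rather than a return code; the fix is the same length validation shown in foo_fill_checked().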

Content and code samples on this page are subject to the licenses described in the Content License. Java is a registered trademark of Oracle and/or its affiliates.